Why multi-layered protection might be the only security you can trust

Organisations – from small and medium enterprises (SMEs) to large enterprises – are grappling with unprecedented levels of cyber-attack, all seemingly targeting organisations' most valued asset - their corporate data. Last year more than 575 million data records were lost or stolen.

According to SafeNet's Breach Level Index Report, the prognosis for 2014 looks even more severe. Nearly 200 million records were stolen in the first quarter of 2014, the equivalent of approximately 93,000 records stolen every hour, between January and March, which was an increase of 233 per cent over the same time last year.

The attacks on businesses are getting more sophisticated and the pressure for IT departments to react with increasing urgency is overwhelming. Against this backdrop, IT decision makers face further pressure from within the business to accommodate new ways of working and business transformation – driven by broad adoption of cloud and mobility and the maturity of those technologies.

Advances in technology have accelerated the speed at which enterprises operate – opening up a new world of collaboration with 24/7 access and communication. But this new world of collaboration is not without its challenges.

It has become clear that governing access to corporate resources solely through static usernames and passwords is not enough. So too, locking-down or denying users access to new cloud or mobile technology is unsustainable and unenforceable.

Authentication technology is a clear differentiator for those organisations that appreciate the need to empower users whilst at the same time ensuring data is secure. Rising security risks and demand for seamless and secure access across any device, anytime, has triggered greater adoption of authentication solutions, and according to recent research commissioned by SafeNet 'The 2014 Annual Authentication Survey', further growth is expected.

But are IT departments doing enough and are certain barriers preventing some IT leaders from making this important step to a securer future?

Innovation and security - a delicate balance

There are few businesses that have been untouched by the benefits of Bring Your Own Device (BYOD), mobility and cloud computing. Greater efficiency, better productivity and improved cost savings to name just a few.

However, concurrently these transformational IT shifts have increased complications for internal processes and pushed security practices into the spotlight. Data protection has become a priority, not only because new technologies have opened up new doors to hackers, but because data is now at the heart of almost every organisation.

For all IT leaders the challenge to balance innovation and security within their organisation is a perennial battle. Our 2014 Annual Authentication Survey found that more than half (53 per cent) of respondents restrict access to corporate resources to users of mobile devices.

It's clear from this insight that some IT departments are struggling to keep up with the rapid pace of change caused by new technologies. The danger is that companies are unable to offer staff the full system access they require to perform their job because they don't have the strong authentication in place to allow access.

It's important that business and IT leaders continue to view technology as an enabler, without ignoring the changes they will need to make to allow them to evolve alongside the advancements. Conventional breach prevention and perimeter-based security are not sufficient for protecting modern data. The long list of companies targeted and exposed in the last 12 months includes some big names Kickstarter, Tesco, Morrisons and Target to name just a few.

The reality is that even the bigger players with more money to invest in security are not necessarily better protected. Hackers are becoming much more sophisticated. It can be hard for businesses to keep track of new and evolving threats, which leaves more room for hackers to take advantage.

So how do IT departments tackle this problem?

Protecting the organisation

Multi-factor authentication (MFA) – also known as two-factor authentication – secures access to corporate networks, data and applications, protecting the identities of users, and ensuring that a users' identity is verified. It does so by requiring users to identify themselves with a combination of 'something they know' (password or PIN) and 'something they have' (token or smart card).

The 2014 Annual Authentication Survey, found that over one third of organisations now use MFA to provide secure access across a multitude of devices and locations. 37 per cent of organisations now use MFA for a majority of employees – up from 30 per cent last year.

By 2016, 56 per cent of organisations expect more than half of their users to rely on multi-factor authentication. We are seeing a steady incline in businesses adopting multi-factor authentication and distributing it across the wider workforce.

Within this increase in adoption, we are also seeing a spike in cloud authentication as users move away from on-premises-based authentication. A third (33 per cent) of organisations surveyed in the 2014 Annual Authentication Survey indicated they preferred cloud-based authentication, up from 21 per cent last year – a sizeable 50 per cent increase. 33 per cent are now open to the cloud for authentication implementations. This clearly indicates that more organisations are realising the benefits to be enjoyed from cloud technology, including greater agility and flexibility.

The drive towards mobile authentication is also fuelling a move from hardware to software-based authentication tokens. The survey revealed that the use of software-based authentication rose from 27 per cent in 2013 to 40 per cent in 2014, with the expectation that this will rise again to 50 per cent in 2016. Conversely, the use of hardware-based authentication dropped from 60 per cent in 2014 to 41 per cent in 2014.

But adoption of authentication solutions will need to grow more quickly if IT departments are to keep up with the corresponding change within their businesses.

Removing barriers to adoption

There is still a 'disconnect' in some organisations between the desire for the business to embrace mobility and the struggle to keep up with technology and protect resources and data from hacking threats. Enterprises must accept that their staff will find ways to use mobile to access corporate data – with or without permission. Instead of preventing access, IT decision makers need to deploy multi-factor authentication, which can offer the protection of corporate resources, whilst allowing staff access and maintaining productivity and performance.

Another reason for apprehension about new security technologies are the perceived costs they impose. With IT now at the heart of almost every enterprise, budgeting is especially crucial, so the department must spend wisely. But our research showed that 40 per cent of IT decision-makers did not know how much their authentication solution costs per user, per year.

This lack of awareness offers some clue as to why organisations are not sure what is most cost-effective for them. Some may believe that not spending extra on multi-factor authentication is saving money, which is where those in charge of IT budgeting are being misled. But MFA is designed to be a cheaper alternative in the long term – with a simple method to protect company data and being easy to use.

Looking ahead

The findings from the 2014 Annual Authentication Survey indicate that IT companies are certainly responding to the rise in mobility with increased software based authentication. In just two years 56 per cent of organisations expect the majority of users to rely on multi-factor authentication. This is certainly positive news, and shows a continued appreciation of the need to protect corporate data and secure potential data breaches.

However, the gap between the desire to embrace new transformational IT solutions and the struggle to keep up with these technologies and protect resources and data from external threats continues to be a concern.

As the adoption of cloud computing grows, better security becomes crucial. The cloud offers various benefits for authentication and applications, but without the security support to withhold it, it only increases the threat.

Becoming a victim of a breach has become a case of 'when' and not 'if', and so a multi-layered approach to data security that includes strong authentication is what will enable organisations to be safe in the knowledge that their data is protected, whether or not a security breach occurs.